A Systematic Classification of Cheating in Online Games Anonymized for review Abstract searchers, although many online game players have been familiar with it for a considerable time. Second, Cheating is rampant in current game play on the In- the variety of online games now in existence has made ternet, as a new major security concern. However, it is cheating a complicated phenomenon. For example, not as well understood by security experts as one might there are a number of entirely different game genres, expect. In this paper, we first identify common forms of and each may give rise to varied forms of cheating. cheating as they have occurred or might occur in on- Third, many novel cheats have been invented that are line games. We then define a taxonomy of online game different from but often entangled with ordinary secu- cheating with respect to the underlying cause (namely rity attacks. what is exploited?), consequence (what type of secu- In this paper, we systematically examine cheating rity failure can be achieved?) and the cheating prin- in online games while adopting the following defini- cipal (who can cheat?). The four traditional aspects tion for it, which is a refined version of our previous of security – confidentiality, integrity, availability and definition used in [15]. authenticity – are insufficient to explain cheating and its consequences in online games. We argue that fair- Any behavior that a player uses to gain an ness is a vital additional aspect, and the problem of advantage or achieve a target in an online its enforcement provides a convincing perspective for game is cheating if, according to the game understanding the role of security techniques in devel- rules or at the discretion of the game oper- oping and operating online games. ator (i.e. the game service provider, who is not necessarily the developer of the game), the advantage is unfair to his peer players 1 Introduction or the target is one that he is not supposed to have achieved.1 While online games are fast becoming one of the Specifically, we present a classification scheme for on- most popular applications on the Internet [10], cheat- line game cheating, in the expectation that by catego- ing has emerged as a notable phenomenon in cur- rizing various online game cheats, our understanding rent game play on the Internet. Recent research has of this phenomenon will be extended, and useful pat- suggested that cheating is in fact a new, major secu- terns and conclusions can be established, and that it rity concern for online computer games [14, 15, 16]. will be possible to protect online game systems against Therefore, a careful investigation of online cheating cheating using these knowledge. It is intentionally can benefit the study of security in this representative reminiscent of the dependability taxonomy provided Internet application. in [8]. However, cheating has not been studied as thor- Our classification scheme provides a three dimen- oughly as one might expect. For instance, although sional taxonomy for online cheating, in which the clas- online cheating is rampant in games, there is no gener- 1 ally accepted definition for it. At present the preponderence of cheating in online games is carried out by male game players, so for linguistic convenience in Three reasons may explain this fact. First of all, the rest of this paper we will appear to imply that all cheaters are cheating is a relatively new topic for security re- male. sification is made with respect to the underlying cause Pritchard [14] proposed a six-category framework (what is exploited?), cheating consequence (what type as follows. of security failure can be achieved?) and cheating prin- cipal (who can cheat?) respectively. • Reflex augmentation: exploiting a computer pro- Our taxonomy is aimed at being comprehensible gram to replace human reaction to produce supe- and useful to security experts, game developers, op- rior results in action games erators as well as game players. For example, both security experts and game developers can learn how • Authoritative clients: exploiting compromised game systems have failed to prevent cheating, and how clients to send modified commands to the other they can design their systems that can eliminate or honest clients who blindly accept them minimize the possibility of being exploited by online cheaters. On the other hand, game operators and play- • Information exposure: exploiting access or vis- ers can learn to recognize cheating and manage the ibility to hidden information by compromising risks of encountering cheaters. client software Our classification of cheating consequences is de- • Compromised servers: modifying server configu- rived from the traditional aspects of computer security rations to get unfair advantages such as confidentiality, integrity, availability and au- thenticity. However, we find that these traditional four • Bugs and design loopholes: exploiting bugs or aspects are insufficient to explain cheating in online design flaws in game software games. Fairness is another important perspective in understanding security in applications such as online • Environmental weaknesses: exploiting particular games. This echoes the result of [16], namely that the hardware or operating conditions most important new security concern in online game design is about fairness enforcement. However, this is an ad hoc framework, and a lot of This paper extends our previous work in [15, 16], online cheating does not readily fit into any of these and is organized as follows. Section 2 reviews the re- six categories. lated work in this field. In Section 3, we identify com- Author 1 et al [15] reported a more thorough ef- mon cheating forms as they have occurred or might fort, which identified eleven common cheating forms occur in online games, including cheats that we have in online games, and structured them as as to help se- ignored. Misconceptions in [15] will also be corrected. curity specialists understand the threats underlying on- Section 4 describes our three dimensional taxonomy. line game cheating, as well as to look for countermea- All common cheating forms identified in the previous sures. In addition, Author 1 [16] thoroughly exam- section are classified using this taxonomy. Section 5 ined cheating that has occurred or might occur in on- presents some results deduced from our taxonomy, and line Bridge systems, and organized them into a simple finally, Section 6 provides some brief concluding re- framework. marks. There is also a large amount of literature investi- gating the definition of taxonomies for security vul- 2 Related Work nerabilities, attacks or intrusions in a general setting. For example, Landwehr et al constructed a classifica- A number of authors have attempted to define a tion of security flaws in software with respect to gen- framework for classifying and understanding online esis (how did the flaw enter the system?), time of in- game cheating. For example, Davis [5] categorized troduction (when did it enter the system?) and loca- traditional forms of casino cheating and discussed tion (where in the system is it manifested?) [7]. Kr- their potential counterparts in online games. How- sul conducted his PhD research on software vulnera- ever, a casino is not representative enough to reflect bility analysis and taxonomy construction [6]. Neu- all forms of online game settings, where cheating may mann et al gave a taxonomy of attacks with respect to occur with different characteristics. the technique used to launch a given attack [12]. The 2 MAFTIA project [3] proposed a taxonomy for intru- “win trading” collusion in the WarCraft game, sion detection systems and attacks. Lindqvist and Jon- were discussed in detail in [16].) sson [9] conducted a brief but useful survey on desired properties of a taxonomy, and defined a taxonomy of C:* Cheating by Abusing Game Procedure. intrusions with respect to intrusion techniques and re- This form of cheating may be carried out without sults. All these studies are relevant. In online games, any technical sophistication, and a cheater simply a player may cheat by exploiting a “vulnerability”, or abuses the operating procedure of a game. One by launching an “attack” or “intrusion”. However, as common case is escaping: a cheater disconnects will be discussed later, online game cheating also has himself from the game system when he is going some unique manifestations. to lose [15, 16]. Another example is scoring cheating [15] in on- 3 Cheating in Online Games: Common line Go games, which abuses the scoring proce- Forms dure as follows. When a game is finished, “dead” stones must be identified and then removed by Before defining our taxonomy, we identify all hand before the system can determine which side cheating forms known to us, as they have occurred or wins this game. During this scoring process, might occur in online games. however, a cheating player may stealthily remove Eleven common cheating forms were identified in “alive” stones of his opponent, and then “over- our previous work [15]. While furthering our study turn” the game result. (When the size of territory on game cheating, however, we have seen the need of occupied by each side is close, this cheating may refining our previous framework, and now present a re- easily escape the awareness of the cheated player, vised listing, which classifies cheats into 15 categories. especially when he is not a strong player.) (Those that are new, or are significatly revised version of the categories listed in [15] are marked with aster- D: Cheating Related to Virtual Assets Virtual isks.). characters and items acquired in online games can be traded for real money. Lots of cheating related A:* Cheating due to Misplaced Trust. Much cheat- to these virtual assets can then occur. ing involves modifying game code, data, or both on the client side. A cheater can modify his game E:* Cheating due to Machine Intelligence.